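<?php
/**
 * Checkout page.
 *
 * GET (or empty POST): lists the session cart with prices read from the
 *   `item` table, shows the stored shipping address and asks for a payment
 *   method.
 * POST payment=card: shows the stored billing address and a card form whose
 *   submit button posts payment=complete together with method=card.
 * POST payment=complete: decrements stock, writes one `purchase_history`
 *   row per cart line and empties the cart.
 *
 * $con (the mysqli connection) and the session are expected to be set up by
 * header.php; neither is created in this file.
 *
 * Security notes:
 * - Every value that reaches SQL is bound through a prepared statement; cart
 *   keys, quantities and the session e-mail are never concatenated into SQL.
 * - Every value written into HTML goes through $esc(), because the item name
 *   and address fields are stored data and the attributes are single-quoted.
 * - Database error text goes to the server log, not to the browser.
 * - NOTE(review): the state-changing POST (payment=complete) carries no
 *   anti-CSRF token. No token helper is visible in this file, so none is
 *   added here; confirm whether header.php provides one.
 * - NOTE(review): the card fields below have no name attribute, so nothing
 *   typed into them is submitted, and the order is recorded without any
 *   payment step visible in this file.
 */
require('header.php');

echo "<h2>Checkout</h2><br>";

// Escape a value for HTML text and for quoted attribute values.
// ENT_QUOTES matters because the form below uses single-quoted attributes.
$esc = function ($value) {
	return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
};

// Look up name and price for one part number.
// Returns array($name, $price), or null when the item is missing or the query fails.
$fetchItem = function ($con, $productId) {
	$stmt = mysqli_prepare($con, "SELECT name, price FROM item WHERE part_no = ?");
	if (!$stmt) {
		error_log('checkout: item lookup could not be prepared: ' . mysqli_error($con));
		return null;
	}

	$name = null;
	$price = null;
	$found = mysqli_stmt_bind_param($stmt, 'i', $productId)
		&& mysqli_stmt_execute($stmt)
		&& mysqli_stmt_bind_result($stmt, $name, $price)
		&& mysqli_stmt_fetch($stmt) === true;
	mysqli_stmt_close($stmt);

	return $found ? array($name, $price) : null;
};

// Load the stored address of the given type ('shipping' or 'billing'); rows
// typed 'both' match either. Missing rows and query failures yield empty
// strings so the form fields below are always defined.
$fetchAddress = function ($con, $email, $type) {
	$address = array('street' => '', 'city' => '', 'state' => '', 'zip' => '');

	$stmt = mysqli_prepare(
		$con,
		"SELECT street, city, state, zip FROM address WHERE email = ? AND (type = ? OR type = 'both')"
	);
	if ($stmt
		&& mysqli_stmt_bind_param($stmt, 'ss', $email, $type)
		&& mysqli_stmt_execute($stmt)
		&& mysqli_stmt_bind_result($stmt, $street, $city, $state, $zip)
	) {
		if (mysqli_stmt_fetch($stmt) === true) {
			$address = array('street' => $street, 'city' => $city, 'state' => $state, 'zip' => $zip);
		}
	} else {
		// Keep the driver's message out of the response; it describes the schema.
		error_log('checkout: address lookup failed: ' . mysqli_error($con));
		echo "There was an error with the query.";
	}
	if ($stmt) {
		mysqli_stmt_close($stmt);
	}

	return $address;
};

// Normalise the session cart once: keep only integer part numbers with a
// positive integer quantity. Anything else is dropped instead of being
// passed on to SQL or to the price arithmetic.
$cart = array();
if (isset($_SESSION['cart']) && is_array($_SESSION['cart'])) {
	foreach ($_SESSION['cart'] as $product_id => $quantity) {
		$product_id = filter_var($product_id, FILTER_VALIDATE_INT);
		$quantity = filter_var($quantity, FILTER_VALIDATE_INT);
		if ($product_id === false || $quantity === false || $quantity < 1) {
			continue;
		}
		$cart[$product_id] = $quantity;
	}
}

$email = isset($_SESSION['email']) ? (string) $_SESSION['email'] : '';
$payment = (isset($_POST['payment']) && is_string($_POST['payment'])) ? $_POST['payment'] : '';

if (empty($_POST)) {
	$total = 0;
	foreach ($cart as $product_id => $quantity) {
		$item = $fetchItem($con, $product_id);
		if ($item === null) {
			continue; // unknown part number: nothing to show or charge
		}
		list($name, $price) = $item;

		$line_cost = $price * $quantity; //work out the line cost
		$total = $total + $line_cost; //add to the total cost

		echo "<br><strong>" . $esc($name) . ":</strong> " . $esc($price);
	}

	echo "<br><br><strong>Total: " . $esc($total) . "</strong>";

	$address = $fetchAddress($con, $email, 'shipping');
	$street = $address['street'];
	$city = $address['city'];
	$state = $address['state'];
	$zip = $address['zip'];

	// The hidden 'total' field is sent back by the browser and can be altered
	// there. This page never reads it; the completion step takes prices from
	// the database. Any other consumer must recompute the total server-side.
	?>

	<form action='' method='post'>
	<br><br>Shipping address:
	<table>
	<tr><td>Street: </td><td><input type='text' name='street' value='<?php echo $esc($street) ?>'></td></tr>
	<tr><td>City: </td><td><input type='text' name='city' value='<?php echo $esc($city) ?>'></td></tr>
	<tr><td>State: </td><td><input type='text' name='state' value='<?php echo $esc($state) ?>'></td></tr>
	<tr><td>ZIP code: </td><td><input type='text' name='zip' value='<?php echo $esc($zip) ?>'></td></tr>
	</table>
	<br><br>Method of payment:
	<br><input type='radio' name='payment' value='card' id='card'><label for='card'> credit card</label></input>
	<br><input type='radio' name='payment' value='complete' id='cod'><label for='cod'> cash on delivery</label></input>
	<input type='hidden' name='total' value='<?php echo $esc($total); ?>'>
	<br><input type='submit' name='enter' value='submit'>
	</form>

	<?php
} else if ($payment === 'complete') {
	// Remove one of each item from the stock table.
	// The previous single "IN (...) LIMIT 1" statement changed only one row
	// for the whole cart and was malformed for an empty cart; one statement
	// per item keeps the one-row limit per part number.
	// NOTE(review): the ordered quantity is not subtracted, only 1 - confirm intent.
	$stockStmt = mysqli_prepare($con, "UPDATE stock SET quantity = quantity - 1 WHERE itemID = ? LIMIT 1");
	if ($stockStmt) {
		foreach ($cart as $product_id => $quantity) {
			if (!mysqli_stmt_bind_param($stockStmt, 'i', $product_id) || !mysqli_stmt_execute($stockStmt)) {
				error_log('checkout: stock update failed: ' . mysqli_error($con));
			}
		}
		mysqli_stmt_close($stockStmt);
	} else {
		error_log('checkout: stock update could not be prepared: ' . mysqli_error($con));
	}

	// The card form posts a hidden 'method' field; cash on delivery does not.
	if (isset($_POST['method'])) $method = 'credit card'; else $method = 'cash on delivery';

	// Same purchase time and +7 day date for every line of this order.
	$now = time();
	$timestamp = date('Y-m-d H:i:s', $now);
	$timestamp2 = date('Y-m-d H:i:s', strtotime("+7 days", $now));

	// Add each item to purchase history. Column order is unchanged from the
	// positional INSERT; the price is the one stored in the database, never a
	// value posted by the client.
	$historyStmt = mysqli_prepare(
		$con,
		"INSERT INTO purchase_history VALUES (?, ?, ?, 'online', ?, ?, ?, ?, 0)"
	);
	if (!$historyStmt) {
		error_log('checkout: purchase insert could not be prepared: ' . mysqli_error($con));
		echo "There was an error recording your order.<br>";
	} else {
		foreach ($cart as $product_id => $quantity) {
			$item = $fetchItem($con, $product_id);
			if ($item === null) {
				continue; // no such item: nothing to record
			}
			list($name, $price) = $item;

			// Price is bound as a string so a DECIMAL value is not rounded via float.
			$price = ($price === null) ? null : (string) $price;
			$recorded = mysqli_stmt_bind_param(
				$historyStmt,
				'isssiss',
				$product_id,
				$email,
				$timestamp,
				$price,
				$quantity,
				$method,
				$timestamp2
			) && mysqli_stmt_execute($historyStmt);

			if (!$recorded) {
				error_log('checkout: purchase insert failed: ' . mysqli_error($con));
				echo "There was an error recording part of your order.<br>";
			}
		}
		mysqli_stmt_close($historyStmt);
	}

	unset($_SESSION['cart']);

	echo "Thank you for your purchase! Your order will be shipped soon.";

} else if ($payment === 'card') {

	$address = $fetchAddress($con, $email, 'billing');
	$street = $address['street'];
	$city = $address['city'];
	$state = $address['state'];
	$zip = $address['zip'];

	?>

	<form action='' method='post'>
	<br><br>Billing Address:
	<table>
	<tr><td>Street: </td><td><input type='text' name='street' value='<?php echo $esc($street) ?>'></td></tr>
	<tr><td>City: </td><td><input type='text' name='city' value='<?php echo $esc($city) ?>'></td></tr>
	<tr><td>State: </td><td><input type='text' name='state' value='<?php echo $esc($state) ?>'></td></tr>
	<tr><td>ZIP code: </td><td><input type='text' name='zip' value='<?php echo $esc($zip) ?>'></td></tr>
	</table>
	<br><br>Card Information:
	<table border='0'>
	<tr><td>Name: </td><td><input type='text'></td></tr>
	<tr><td>Number: </td><td><input type='text'></td></tr>
	<tr><td>Security code: </td><td><input type='text'></td></tr>
	<tr><td>Expiration date: </td><td><input type='text'></td></tr>
	</table>
	<input type='hidden' name='payment' value='complete'>
	<input type='hidden' name='method' value='card'>
	<br><input type='submit' name='enter' value='submit'>
	</form>
	
	<?php
}



require('footer.php');
?>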